Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the Security Value Map? See the map and download the full report today!
Course Of The Month
4 days, 12 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
VPN
23K
Solutions
23
Articles & Videos
22K
Contributors
A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
Share tech news, updates, or what's on your mind.
hello, anyone familiar with RouterOS? I'm trying to passthrough PPTP to my VPN server. Unfortunately I'm not well versed in this particular firewall and its setup.. At the moment I have accept for 1723 and GRE setup but it also requires a NAT command as well.. Any help would be appreciated.
0 Comments
please advise
I need to be able to run the executable (installer for cisco anyconnect)
security-warning.PNG
I need to be able to run the executable (installer for cisco anyconnect)
security-warning.PNG
Whats are the benefits of having MPLS- Velo cloud? We are a company with many branch offices and located in diffrent place and all of them are on diffrent domain. None of them are integrated yet. No VPN too. How MPLS will help us in integrating the company to one and how VPN an be setup so that users can work remotely and IT support can troubleshoot issues remotely not have to visit sites physically? Please suggest me. I want to see one domain under one umbrella.
I've got a Watchguard 500 series at the main office and a 2 series at a home office. I've needed to setup a VPN between the two devices to get an IP phone to function properly.
With the current home office setup I have one interface set as 'external' and connect the cable modem directly here. Then I have a 2nd interface as 'trusted' which connects to the users home router. The phone and computer connect to the home router and the VPN works fine.
At the new home office location however the home equipment is a cable modem/router combo - so I have no dedicated WAN port - just 4 LAN ports.
Maybe I'm over thinking this but I'm stumped on how to configure this with the different home router/cable modem combo.
I've been using 'mixed' mode and am wondering if I need to be using 'drop in' mode - ?
With the current home office setup I have one interface set as 'external' and connect the cable modem directly here. Then I have a 2nd interface as 'trusted' which connects to the users home router. The phone and computer connect to the home router and the VPN works fine.
At the new home office location however the home equipment is a cable modem/router combo - so I have no dedicated WAN port - just 4 LAN ports.
Maybe I'm over thinking this but I'm stumped on how to configure this with the different home router/cable modem combo.
I've been using 'mixed' mode and am wondering if I need to be using 'drop in' mode - ?
Hello Cisco Experts,
I am learning how to setup the site to site VPN between two locations but it's NOT working for some reason (it's failed when I pinged the 172.16.1.1 from 172.16.2.X network .... I also tried to hit a web server (172.16.1.xx at port 80) and no luck ... it seems some sort of settings is missing? I configured the site to site VPN with the ASDM wizard and it didn't give me any error message. So I hope someone can shed some lights here for me? Thanks in advance.
Following is configuration for ASA5505
sh run
: Saved
:
: Serial Number: xxxxxxxxxxxxx
: Hardware: ASA5505, 1024 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.2(4)
!
hostname 325RC-CASA5505
domain-name xxxxxxxxxxxxxx.com
enable password Yxxxxxxxxxxxxe encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2xxxxxxxxxxxxxxxxxxxU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif inside
security-level …
I am learning how to setup the site to site VPN between two locations but it's NOT working for some reason (it's failed when I pinged the 172.16.1.1 from 172.16.2.X network .... I also tried to hit a web server (172.16.1.xx at port 80) and no luck ... it seems some sort of settings is missing? I configured the site to site VPN with the ASDM wizard and it didn't give me any error message. So I hope someone can shed some lights here for me? Thanks in advance.
Following is configuration for ASA5505
sh run
: Saved
:
: Serial Number: xxxxxxxxxxxxx
: Hardware: ASA5505, 1024 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.2(4)
!
hostname 325RC-CASA5505
domain-name xxxxxxxxxxxxxx.com
enable password Yxxxxxxxxxxxxe encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2xxxxxxxxxxxxxxxxxxxU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif inside
security-level …
Hello,
I have Checkpoint Firewall, trying to route traffic for a remote user to the office then to another subnet in a different location to access RDP. Static routing is on the FW to this subnet, a policy is also set for that user to access that network and the subnet is in the Encryption domain.
In the office the access is accessible over MPLS. Can the traffic be routed to the FW over the Internet and forwarded over the MPLS link.
Thanks in Advance
I have Checkpoint Firewall, trying to route traffic for a remote user to the office then to another subnet in a different location to access RDP. Static routing is on the FW to this subnet, a policy is also set for that user to access that network and the subnet is in the Encryption domain.
In the office the access is accessible over MPLS. Can the traffic be routed to the FW over the Internet and forwarded over the MPLS link.
Thanks in Advance
Hello,
There are multiple users that connect to our VPN from various location.
Mine stopped working today.
Others are still able to connect.
I've tested trying to VPN to another server (that I know works) and am unable to.
I've turned off my AV and my firewall - but still can't log in.
Frustrating - it's worked fine until today!
Amber
There are multiple users that connect to our VPN from various location.
Mine stopped working today.
Others are still able to connect.
I've tested trying to VPN to another server (that I know works) and am unable to.
I've turned off my AV and my firewall - but still can't log in.
Frustrating - it's worked fine until today!
Amber
So if my understanding is correct from what I have managed to discover, the problem here is that any device connected to a cell phone hotspot, that has an active VPN, will simply route through the public ip connection on the hotspot and not go through the VPN.
Is there a way to 'route' through the VPN any device connected to the cell hotspot? I have heard that possibly rooting the cell phone may allow this, but I have never rooted a phone before.
Or, is there another way to make this happen? I am trying to create a secure VPN from our remote offices back to our main office using a cell phone...without having to step up to a LTE router.
Is there a way to 'route' through the VPN any device connected to the cell hotspot? I have heard that possibly rooting the cell phone may allow this, but I have never rooted a phone before.
Or, is there another way to make this happen? I am trying to create a secure VPN from our remote offices back to our main office using a cell phone...without having to step up to a LTE router.
Hi guys, we a small remote site with a PC and printer there, we have a firewall there just for the VPN for Printing. Is there anyway we can set this up to work without needing vpn?
Save the day with this special offer from ATEN!
Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.
We have a corporate wide area network. The main site is using tmg 2010, and uses 192.168.0.0/22. Also we have two more site connected to the main site via a vpn tunnel provided by the ISP. The external sites are 172.16.32.0/24 and 172.16.64.0/24
Traffic between the nodes worked just fine until we implemented the tmg 2010 at the main site. We connect to the ISP via a public IP. Also the ISP provides the traffic coming from the other sites, but we have not been able yet to configure the tmg properly to allow the incoming traffic from those external sites.
Any suggestions?
Here is the network topology.
Traffic between the nodes worked just fine until we implemented the tmg 2010 at the main site. We connect to the ISP via a public IP. Also the ISP provides the traffic coming from the other sites, but we have not been able yet to configure the tmg properly to allow the incoming traffic from those external sites.
Any suggestions?
Here is the network topology.
Odd one. We installed a Meraki MX 84 firewall in our office. We have successfully connected via VPN from at least 5 different remote locations. However, my Windows 10 machine WILL NOT connect. We have connected a couple different Win10,Win7,Ipads, Mac books just fine. My windows 10, using exact same set up as other Win 10 machine fails to connect, giving error of "L2TP Connection attempt failed because the security layer encountered a processing error during inial negotiations"
I started a case with Cisco, who had me do a packet capture. They confirmed that my PC was sending packets to Meraki. We checked IKE and AuthIP IPsec Keying service was set for "automatic" and running. It was...
We added correct registry key for "AssumeUDPEncapsulationCon
At this point, CISCO suggested I call ISP to see that my cable modem was set to enable VPN Passthrough. It is....
I then successfully added my Android tablet to connect VPN via the same wireless router/ ISP connection from my home. that worked fine.
Set my Windows 10 box to use 8.8.8.8. DNS...still no luck
Not sure what else to check
We are using Layer 2 Tunneling Protocol with iPsec(L2TP/IPsec)
Require Encryption (disconnect if server declines)
Encryped Password (PAP)
Using a preshared key.
These setting have worked seamlessly with all others EXCEPT MINE !
Verified username and password. Verified Preshared Key.
Any suggestions ?
I started a case with Cisco, who had me do a packet capture. They confirmed that my PC was sending packets to Meraki. We checked IKE and AuthIP IPsec Keying service was set for "automatic" and running. It was...
We added correct registry key for "AssumeUDPEncapsulationCon
At this point, CISCO suggested I call ISP to see that my cable modem was set to enable VPN Passthrough. It is....
I then successfully added my Android tablet to connect VPN via the same wireless router/ ISP connection from my home. that worked fine.
Set my Windows 10 box to use 8.8.8.8. DNS...still no luck
Not sure what else to check
We are using Layer 2 Tunneling Protocol with iPsec(L2TP/IPsec)
Require Encryption (disconnect if server declines)
Encryped Password (PAP)
Using a preshared key.
These setting have worked seamlessly with all others EXCEPT MINE !
Verified username and password. Verified Preshared Key.
Any suggestions ?
New install of Essentials 2012. Configured router to forward 443 to server. Companyname.remotewebacces
Dear experts
My situation is quite complicated.
Generally, I m creating an VPN server.
For different client connect to the VPN Server from different country, I would like to provide different dhcp-range.
I understand that dnsmasq support multiple network.
My question is how I can use the tag indicator and the client will collect the correct dhcp-range in the VPN connection situation.
e.g.
--------------------------
# Address range for country1 clients
dhcp-range=tag:country1,19
# Address range for country2 clients
dhcp-range=tag:country2,19
# DHCP options given to known clients
# Subnet mask
dhcp-option=1,255.255.255.
# Default gateway
dhcp-option=3,192.168.1.1
# DNS server
dhcp-option=6,192.168.1.3
# Broadcast address
dhcp-option=28,192.168.1.2
--------------------------
My situation is quite complicated.
Generally, I m creating an VPN server.
For different client connect to the VPN Server from different country, I would like to provide different dhcp-range.
I understand that dnsmasq support multiple network.
My question is how I can use the tag indicator and the client will collect the correct dhcp-range in the VPN connection situation.
e.g.
--------------------------
# Address range for country1 clients
dhcp-range=tag:country1,19
# Address range for country2 clients
dhcp-range=tag:country2,19
# DHCP options given to known clients
# Subnet mask
dhcp-option=1,255.255.255.
# Default gateway
dhcp-option=3,192.168.1.1
# DNS server
dhcp-option=6,192.168.1.3
# Broadcast address
dhcp-option=28,192.168.1.2
--------------------------
Hi Experts,
I notice of recent that my end users that are connected by a site to site VPN connections are reporting that their Outlook clients are not staying updated and they are seeing a lot of lost connections and re-connections.
I am running Exchange 2013 server and 2010 and 2013 Outlook clients.
Any thoughts?
I notice of recent that my end users that are connected by a site to site VPN connections are reporting that their Outlook clients are not staying updated and they are seeing a lot of lost connections and re-connections.
I am running Exchange 2013 server and 2010 and 2013 Outlook clients.
Any thoughts?
Hello,
I have a server that is running SBS 2011 and MS Exchange 2010.
We had a power outage, and when the server came back, email didn't.
Yesterday we were able to send email, but not receive.
Today we can't do either.
This system is old, and we are in the process of upgrading to a new server and OS/Exchange - hopefully in the next few weeks - but we need our email up and running today!!
I am currently logged in remotely, via LogMeIn (because the VPN was also reset as a result of the outage - router issues).
When I open the Exchange console, and try to connect to the Exchange server, I get an error - The attempt to connect using Kerberos authentication failed: the client cannot connect to the destination specified in the request. Verify that the service on the destination is running and i accepting requests.
Any suggestions would be greatly appreciated!!
Amber
I have a server that is running SBS 2011 and MS Exchange 2010.
We had a power outage, and when the server came back, email didn't.
Yesterday we were able to send email, but not receive.
Today we can't do either.
This system is old, and we are in the process of upgrading to a new server and OS/Exchange - hopefully in the next few weeks - but we need our email up and running today!!
I am currently logged in remotely, via LogMeIn (because the VPN was also reset as a result of the outage - router issues).
When I open the Exchange console, and try to connect to the Exchange server, I get an error - The attempt to connect using Kerberos authentication failed: the client cannot connect to the destination specified in the request. Verify that the service on the destination is running and i accepting requests.
Any suggestions would be greatly appreciated!!
Amber
All, I have a user that continues to complain that they become disconnected from a remote "Terminal Server". I have multiple users, even from the same network, that are connecting to and using the server daily without disconnect issues. The user (All users), connect to the RDS through an IP-Sec VPN. I am stumped as to what may be the casue or where I could look?
I have already replaced/tested cabling to the users PC. The cable tested clean.
I have reviewed logs on both the PC, and the server and no errors.
I have verified connectivity from firewall and up time, no issues.
I've eliminated the possibility that there is interference on the network somehow, possibly from a rogue device or second DHCP server.
I've had the user connect through a second account to the server to eliminate possible profile corruption.
I am truly at a loss here and would like some guidance.
I have already replaced/tested cabling to the users PC. The cable tested clean.
I have reviewed logs on both the PC, and the server and no errors.
I have verified connectivity from firewall and up time, no issues.
I've eliminated the possibility that there is interference on the network somehow, possibly from a rogue device or second DHCP server.
I've had the user connect through a second account to the server to eliminate possible profile corruption.
I am truly at a loss here and would like some guidance.
How can I completely hide my current location, using a VPN, for the website owner when I am logged into this website?
Or will there always be a way for the website owner to find out my current location, even when using a VPN, for example if they use a script?
Or will there always be a way for the website owner to find out my current location, even when using a VPN, for example if they use a script?
The people behind ProtonMail (a secure email service) have released a Free option for their VPN service:
https://protonvpn.com/
Generally I'd shy away from a "free" VPN, because who knows who is really behind it or why it even is available, however ProtonMail has a really solid reputation. If you need a basic VPN for when you are on public wifi, I'd check it out.
https://protonvpn.com/
Generally I'd shy away from a "free" VPN, because who knows who is really behind it or why it even is available, however ProtonMail has a really solid reputation. If you need a basic VPN for when you are on public wifi, I'd check it out.
Active today
Thanks for the link! Gotta say, I find it comforting that they're in Switzerland. Seems rather appropriate!
Active today
If you're concerned with data privacy, Switzerland was historically good in this regard, but they've recently passed laws to allow mass government surveillance.
Estonia, Iceland and Georgia are generally top class of the countries that aren't part of the "14 eyes" alliance.
The VPN I use is US based, so it's not necessarily the best in terms of data privacy. However it does have great performance and a huge IP range.
Estonia, Iceland and Georgia are generally top class of the countries that aren't part of the "14 eyes" alliance.
The VPN I use is US based, so it's not necessarily the best in terms of data privacy. However it does have great performance and a huge IP range.
Industry Leaders: We Want Your Opinion!
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Getting very confused - cant get VPN to work. Have manually port forwarded 443 to the server. I ran Anywhere Access with the manual router config and all run OK for remote access and VPN. I have recreated the connection on the laptop and still get the remote connection was not made because the attempted vpn tunnels failed - please help.
Hi, just wanted to ask a bit of advice about changing IP addresses of a Server 2011 SBS network. To cut a long story short I have to create some VPN connections between 2 networks that are on the same subnet and I need to change one network to be on a different subnet.
Both networks are on 192.168.101.x
2 questions really, if I change the second network to 192.168.102.x will that be enough to stop any VPN issues?
Secondly, the network I'm going to change consists of a Watchguard Firewall, Windows 2011 SBS Server and a network printer. I have local physical access to the Firewall and Printer but not the server. I'd just like a bit of advice on what device IP I should change first as I don't want to end up losing connection (will be doing this all over a remote connection).
Many thanks
Adam
Both networks are on 192.168.101.x
2 questions really, if I change the second network to 192.168.102.x will that be enough to stop any VPN issues?
Secondly, the network I'm going to change consists of a Watchguard Firewall, Windows 2011 SBS Server and a network printer. I have local physical access to the Firewall and Printer but not the server. I'd just like a bit of advice on what device IP I should change first as I don't want to end up losing connection (will be doing this all over a remote connection).
Many thanks
Adam
HI, I have a windows 2008 server.
I have recently setup RRAS to allow incoming windows client VPN's.
when I connect an external client machine via windows VPN adapter (windows 10), it connects fine, I get an IP address from the server for the VPN. But cannot ping an resources at the office or any external IPs, such as google DNS.
Whats even more wierd, is that the 20 client machines in the office lose there internet connection. I know this, as we all use cloud based apps/databases and I get shouted at. Love my job.
I've researched plenty of forums, but none cover the issue.
I have setup a scope with in IPv4 tab
setup as LAN and demand-dial routing in the general tab under IPv4
WAN miniport PPTP is setup to remote access connections (inbound only), it did have demand dial routing inbound/outbound, but i unticked this.
any ideas
I have recently setup RRAS to allow incoming windows client VPN's.
when I connect an external client machine via windows VPN adapter (windows 10), it connects fine, I get an IP address from the server for the VPN. But cannot ping an resources at the office or any external IPs, such as google DNS.
Whats even more wierd, is that the 20 client machines in the office lose there internet connection. I know this, as we all use cloud based apps/databases and I get shouted at. Love my job.
I've researched plenty of forums, but none cover the issue.
I have setup a scope with in IPv4 tab
setup as LAN and demand-dial routing in the general tab under IPv4
WAN miniport PPTP is setup to remote access connections (inbound only), it did have demand dial routing inbound/outbound, but i unticked this.
any ideas
Similar to other posts we have to run Virtual Machines to accommodate Checkpoint VPN client just because all traffic passes through. We RDP to client jump boxes once connected. Forcibly setting route all to false doesn't change the outcome. Strangely, if we use the windows store checkpoint and win 10 Vpn it's ok. This is only with the client install, but the win store Vpn drops frequently and not desirable. Any help appreciated, doubtful client will change settings as we are 1 of many connecting.
I have a watchguard M400 (Fireware XTM 11.10) Firewall/Router with about 14 Branch Office VPN'c coming into it. We have a new software these BOVPN's need to access. There are two application servers running the software. I would like to load balance the connections to these servers. Can someone point me in the correct direction?
Knowing public access to our Internal CA is a HUGE security risk, is there a way to perform this in a more secure manor?
Is the best practice to up a known public CA?
We are in the process of setting up RAS for remote vpn
Is the best practice to up a known public CA?
We are in the process of setting up RAS for remote vpn
VPN
23K
Solutions
23
Articles & Videos
22K
Contributors
A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
Top Experts In
VPN
-
1
arnold9,600 points -
2
masnrock8,100 points
-
3
Qlemo8,074 points -
4
David Johnson, CD, MVP6,596 points -
5
John Hurst2,875 points -
6
Rob Williams2,800 points -
7
Predrag2,500 points -
8
shalomc2,000 points -
9
Pete Long2,000 points -
10
LegendZM2,000 points -
11
Wayne882,000 points -
12
CompProbSolv2,000 points -
13
footech2,000 points -
14
Shawn Stewart2,000 points
-
15
Craig Beck1,800 points -
16
Dan McFadden1,800 points -
17
DrDave2421,800 points -
18
kevinhsieh1,300 points -
19
Natty Greg1,050 points -
20
Fred Marshall1,000 points -
21
Joseph Hornsey1,000 points -
22
btan1,000 points -
23
IntMediaNet1,000 points
-
24
Shaun Vermaak832 points -
25
Chris Gralike500 points -
26
David Vicente500 points -
27
Brandon Dube500 points -
28
David Favor500 points